<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.2.xsd">

    <!-- To enable @Pre and @Post Annotations -->
    <security:global-method-security pre-post-annotations="enabled" secured-annotations="enabled"
                                     jsr250-annotations="enabled" />

    <!-- Authentication Manager -->
    <security:authentication-manager alias="authenticationManager">
       <security:authentication-provider
            ref="socialAccountProvider" />
       <security:authentication-provider
            ref="enMeUserAccountProvider" />
        <security:authentication-provider
             user-service-ref="enMeAuthenticationUserService">
            <security:password-encoder ref="passwordEncoder" />
        </security:authentication-provider>
    </security:authentication-manager>

    <!-- Custom authentication providers -->
    <bean id="enmeprovider" class="org.encuestame.core.security.EnMeUsernameProvider" autowire="byName"  />
    <bean id="socialAccountProvider"
        class="org.encuestame.core.security.SocialAccountAuthenticationProvider"  autowire="byName" />
    <bean id="enMeUserAccountProvider"
        class="org.encuestame.core.security.EnMeUserAccountProvider"  autowire="byName" />

    <!-- User Services -->
    <bean id="enMeAuthenticationUserService" class="org.encuestame.core.security.service.EnMeUserServiceImp"
          autowire="byName">
        <property name="roleGroupAuth" value="${spring.sec.roleByGroup}" />
        <property name="roleUserAuth" value="${spring.sec.roleByAuthor}" />
    </bean>
    <bean id="enMeAuthenticationSocialUserService"
        class="org.encuestame.core.security.service.EnMeSocialAccountUserService" autowire="byName" />


    <!-- Password Encoders -->
    <bean id="passwordEncoder" class="org.jasypt.spring.security3.PasswordEncoder">
        <property name="passwordEncryptor">
            <ref bean="jasyptPasswordEncryptor" />
        </property>
    </bean>
    <bean id="jasyptPasswordEncryptor" class="org.jasypt.util.password.StrongPasswordEncryptor" />

    <!-- General Configuration -->
    <security:http
        use-expressions="true"
        entry-point-ref="authenticationEntryPoint"
        access-denied-page="${spring.sec.login.denied}">
        <security:remember-me key="${spring.sec.rememberMe.key}"
            services-alias="_rememberMeServices" token-validity-seconds="10080" />
        <security:anonymous enabled="true"  granted-authority="ENCUESTAME_ANONYMOUS" key="${spring.sec.anonymous.key}" />
        <security:logout logout-success-url="${spring.sec.logout.sucess}"
            invalidate-session="true" logout-url="${spring.sec.logout.url}" delete-cookies="JSESSIONID"/>
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter" />
<!--         <security:session-management invalid-session-url="/user/session/invalid" -->
<!--                   session-fixation-protection="newSession"></security:session-management> -->
        <security:intercept-url pattern="index.jsp"  access="permitAll"/>
        <security:intercept-url pattern="/index/**" access="permitAll"/>
        <security:intercept-url pattern="/error/**" access="permitAll" />
        <security:intercept-url pattern="/home/**"  access="permitAll" />
        <security:intercept-url pattern="/profile/**" access="permitAll" />
        <security:intercept-url pattern="/tags/**"  access="permitAll" />
        <security:intercept-url pattern="/user/signin/**" access="permitAll" />
        <security:intercept-url pattern="/user/forgot/**" access="permitAll" />
        <security:intercept-url pattern="/user/signup/**" access="permitAll"  />
        <security:intercept-url pattern="/user/logout" access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/admon/**/*"  access="hasRole('ENCUESTAME_ADMIN')" />
        <security:intercept-url pattern="/settings/**/*" access="hasRole('ENCUESTAME_USER')" />
        <security:intercept-url pattern="/user/tweetpoll"  access="hasAnyRole('ENCUESTAME_USER','ENCUESTAME_EDITOR')" />
        <security:intercept-url pattern="/user/poll"  access="hasRole('ENCUESTAME_USER')" />
        <security:intercept-url pattern="/user/dashboard"  access="hasRole('ENCUESTAME_USER')" />
        <security:intercept-url pattern="/user/tweetpoll/new"    access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/user/tweetpoll/list"  access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/user/survey" access="hasAnyRole('ENCUESTAME_USER','ENCUESTAME_EDITOR')"  />
        <security:intercept-url pattern="/api/social/**/*"   access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/api/settings/**/*"  access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/api/admon/**/*"   access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/api/survey/**/*"    access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/api/chart/**/*"   access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/api/groups/**/*"  access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/api/notifications/**/*"  access="hasRole('ENCUESTAME_USER')"  />
        <security:intercept-url pattern="/resources/**" access="permitAll"/>
    </security:http>

    <bean id="authenticationEntryPoint"
        class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <property name="loginFormUrl" value="${spring.sec.loginPath}" />
        <property name="forceHttps" value="${spring.sec.forceLoginSSL}" />
    </bean>

    <bean id="authenticationProcessingFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureHandler" ref="authenticationFailureHandler" />
        <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler" />
        <property name="filterProcessesUrl" value="/user/signin/authenticate" />
    </bean>

    <bean id="authenticationSuccessHandler"
        class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
        <property name="defaultTargetUrl" value="${spring.sec.defaultLoginUrl}" />
    </bean>

    <bean id="authenticationFailureHandler" class="org.encuestame.core.security.AuthenticationFailureHandlerImp"/>

    <bean id="voteAccessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
        <property name="decisionVoters">
            <list>
                <ref bean="roleVoter" />
            </list>
        </property>
    </bean>

    <bean id="roleVoter" class="org.encuestame.core.security.EnMeRoleVoter">
        <property name="rolePrefix" value="${spring.sec.role.prefix}" />
    </bean>

    <!-- reCaptcha -->
    <bean id="reCaptcha" class="org.encuestame.utils.captcha.ReCaptchaImpl"
        scope="singleton">
        <property name="privateKey" value="6LdyFwUAAAAAAGB3BsjX-j5EgYzULsR3ftiUvwUd" />
        <property name="publicKey" value="6LdyFwUAAAAAAP6p1IeqUM7uMKUYyPazw-haEAUU" />
        <property name="includeNoscript" value="false" />
    </bean>

    <!-- Enable OAuth Security. <import resource="encuestame-security-oauth-context.xml"/> -->

</beans>
